Lucene search

[email protected]CVE-2006-6803

HistoryDec 28, 2006 - 9:28 p.m.

CVE-2006-6803

2006-12-2821:28:00

[email protected]

web.nvd.nist.gov

cve-2006-6803

sql injection

enthrallweb ecars 1.0

types.asp

nvd

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.9%

JSON

SQL injection vulnerability in Types.asp in Enthrallweb eCars 1.0 allows remote attackers to execute arbitrary SQL commands via the Type_id parameter.

Affected configurations

NVD

Node

enthrallwebecarsMatch1.0

CPENameOperatorVersion
enthrallweb:ecarsenthrallweb ecarseq1.0

CPE	Name	Operator	Version
enthrallweb:ecars	enthrallweb ecars	eq	1.0

References

osvdb.org/31681

secunia.com/advisories/23566

www.securityfocus.com/bid/21748

www.vupen.com/english/advisories/2006/5153

www.exploit-db.com/exploits/2989

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.9%

JSON

Related for CVE-2006-6803

cvelist1 nvd1